[nsp-sec] DNS and SNMP Reflection Attack Hosts

Jan Boogman boogman at ip-plus.net
Mon Jun 24 10:13:43 EDT 2013


ACK for 3303

Thanks
Jan

On 24.06.2013 at 07:25, Krista Hickey <Krista.Hickey at cogeco.com> wrote:

> ----------- nsp-security Confidential --------
> 
> [Apologies if this is a duplicate for you]
> 
> File 622894 contains ~45K DNS resolvers observed attacking a host June 19, 2013 (peak approx 1.5Gbps)
> 
> File 3952583 contains ~28K SNMP resolvers observed attacking a different host June 21, 2013 (peak approx 1Gbps)
> 
> I was also working on an unrelated DNS reflection attack our hosts were participating in and, in addition to the usual isc.org queries, I observed nukes.directedat.asia queries. I don't have many details on it at the moment, but I think it speaks for itself and returns a fairly large record, so perhaps someone from AS21928 T-Mobile may be interested. I also found someone with thoughts on directedat.asia and some other suspect domains at http://dnsamplificationattacks.blogspot.nl/2013/06/domain-mydnsscanus.html which may be of interest.
> 
> As before, details in the file, distribute as required for mitigation but no attribution please and if not necessary please strip target as well.
> 
> Thanks
> Krista
> 7992
> <622894><3952583>
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________




